U.S. Power Grid Compromised by Cyberspies

By  |  Wednesday, April 8, 2009 at 9:19 pm

Foreign intelligence agents critically infiltrated systems that operate critical U.S. infrastructure, and left behind malicious software that could disrupt and endanger the day-to-day lives of Americans, the Wall Street Journal reports.

The paper cites anonymous current and former U.S. intelligence officials in its report. The spies are reported to have been agents of China, Russia, and various unnamed other countries. The officials said that the intruders was a mission to map the U.S. electrical grid and other critical infrastructure, and to cultivate the capability to disrupt that infrastructure during a crisis. I’m certainly not surprised, and U.S. agents have probably done the same thing to other countries.

In my reporting for SD Times, I have spoken with companies that develop software according to the US National Security Agency’s Common Criteria Evaluation Assurance Level (EAL) program. EAL is an initiative operated by the National Security Agency to help industry create secure software, and classify existing software. The program is a relatively new public initiative that was born out of the “orange book,” the U.S. military’s once closely guarded guidelines for software security.

To date, only Green Hills Software, a company that develops a specialized operating system called Integrity, has received an acceptably high score on the EAL to address the problem. The NSA is also sponsoring secure programming classes at public universities.

Why is the NSA involving itself in the private sector, you may ask? It needs help. In a recent interview, Rex Black, president of Rex Black Consulting Services, explained to be how software engineers are essentially playing a game of multidimensional chess against hackers.

Black said that a big part of the problem is that modern operating systems (and that includes open-source ones) are constantly evolving and contain tens of millions of lines of code. It is only a matter of time until a defect slips by and is discovered by cybercriminals–or spies – even when the best development practices are followed.

And the technological environment in which an operating system exists is constantly in flux, making it nearly impossible to foresee threats that do not presently exist, but might exist in the future, Black said.

People involved with the EAL effort have told me just how poor the state of infrastructure security is. But fear not, in my research, security industry executives and an NSA official have assured me that President Obama “gets it.”

The reality is that there is an infrastructure crisis, and the WSJ’s hacking report, while troubling, is only a symptom of what ails us. The American Society of Civil Engineers has spent much of the past decade grading the nation’s infrastructure, only to be ignored.

This year, the engineers give the U.S. an overall grade of a D, and estimate that it will take an investment of several trillion dollars to bring states up to code. The stimulus package only goes a small way toward meeting those needs.

It’s time for the U.S to get serious about infrastructure, and yes, it costs money to do these things. That could even require –gasp~-a tax hike to pay for our safety. The work needs to be done, and is long overdue.

 
7 Comments


Read more: 

6 Comments For This Post

  1. tom b Says:

    The Chinese are NOT our allies. Look what they did to Tibet. They’d do the same thing to us in an instant, if there were profit in it. But, for now, they just smile and sell us lead-contaminated trinkets while stealing our jobs and manipulating their currency.

  2. David Worthington Says:

    tom, they are not our allies, but they have been our banker since the early 2000’s. 🙂

  3. JDoors Says:

    “This year, the [American Society of Civil Engineers] … estimate that it will take an investment of several trillion dollars to bring states up to code. The stimulus package only goes a small way toward meeting those needs.

    It’s time for the U.S to get serious about infrastructure, and yes, it costs money to do these things. That could even require –gasp~-a tax hike to pay for our safety. The work needs to be done, and is long overdue.”

    Oh hey, what’s another several trillion dollars of debt if it’ll protect us during some imaginary threat? We COULD do this to other nations, they could do it to us, but under what possible scenario would it make sense for any of the largest nations to cripple another?

    Who says time travel isn’t possible? I feel like I’ve been transported back to the fifties: “Big scary nation threatens the foundation of our society!”

    Should it be fixed? Of course. Should it be a priority? No.

  4. Super_Man Says:

    Overall grade of a D, maybe the U.S. needs to hit the books a little harder. This could potentially be devastating. I wonder who is behind the attacks, I was reading that there is reason to believe it is the chinese. “I think that China recognises if in a very strategic sense you want to ensure you have the ability to exploit another country’s potential weakness or vulnerability, but do it in a way that isn’t confrontational …this is a very good way of doing that.” http://www.newsy.com/videos/u_s_power_grid_hacked/ had a pretty solid video about the whole ordeal. Regardless, we need to take action now, and we need to start being more proactive about issues instead of waiting for problems to arise and then try to tackle them.

  5. David Worthington Says:

    @JDoors How clean is the drinking water that you consume each day, and how safe is the bridge that you drive over?

  6. Hollie Powell Says:

    I think that the stimulus package have helped a lot in restoring the economy. right now we can see some improvements in the economy. right now we can see some improvements in the eco..’

1 Trackbacks For This Post

  1. Obama’s Cybersecurity Initivate a Step in the Right Direction | Technologizer Says:

    […] April, I wrote “Obama gets it,” in an article about how critical U.S.infrastructure was vulnerable to damage and disruption. While some of the details haven’t been shared yet, the initiative […]